Full Disclosure: by author
RSS Feed
About List
All Lists
Previous period
88 messages
starting Dec 05 16 and
ending Dec 01 16
Date index |
Thread index |
Author index
31c0n
CFP - 31c0n - Feb 2017, New Zealand 31c0n (Dec 05)
Apple Product Security
APPLE-SA-2016-12-13-6 Additional information for APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-8 Transporter 1.9.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-1 macOS 10.12.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-12-3 tvOS 10.1 Apple Product Security (Dec 12)
APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 12)
APPLE-SA-2016-12-13-4 iCloud for Windows v6.1 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-3 iTunes 12.5.4 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-2 Safari 10.0.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-7 Additional information for APPLE-SA-2016-12-12-2 watchOS 3.1.1 Apple Product Security (Dec 14)
APPLE-SA-2016-12-13-5 Additional information for APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 14)
APPLE-SA-2016-12-12-1 iOS 10.2 Apple Product Security (Dec 12)
Asterisk Security Team
AST-2016-009: <br> Asterisk Security Team (Dec 08)
AST-2016-008: Crash on SDP offer or answer from endpoint using Opus Asterisk Security Team (Dec 08)
BENCSATH Boldizsar
kernel vuln status question - how can I be protected BENCSATH Boldizsar (Dec 27)
Berend-Jan Wever
MSIE 9 MSHTML CMarkup::ReloadInCompatView use-after-free Berend-Jan Wever (Dec 14)
CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever (Dec 05)
Opera foreignObject textNode::removeChild use-after-free details Berend-Jan Wever (Dec 01)
CVE-2013-3111: MSIE 9 IEFRAME CSelectionInteractButtonBehavior::_UpdateButtonLocation use-after-free Berend-Jan Wever (Dec 12)
CVE-2014-4138: MSIE 11 MSHTML CPasteCommand::ConvertBitmaptoPng heap-based buffer overflow Berend-Jan Wever (Dec 21)
CVE-2015-1730: MSIE jscript9 JavaScriptStackWalker memory corruption details and PoC Berend-Jan Wever (Dec 09)
Google Chrome Accessibility blink::Node corruption details Berend-Jan Wever (Dec 01)
CVE-2015-6168: MS Edge CMarkup::EnsureDeleteCFState use-after-free details Berend-Jan Wever (Dec 01)
MSIE 9 IEFRAME CMarkupPointer::MoveToGap use-after-free Berend-Jan Wever (Dec 16)
CVE-2013-0090: MSIE 9 IEFRAME CView::EnsureSize use-after-free Berend-Jan Wever (Dec 16)
CVE-2013-6627: Chrome Chrome HTTP 1xx base::StringTokenizerT<...>::QuickGetNext OOBR Berend-Jan Wever (Dec 19)
CVE-2013-0019: MSIE 9 CDoc::ExecuteScriptUri use-after-free Berend-Jan Wever (Dec 03)
MSIE 9 MSHTML CElement::HasFlag memory corruption Berend-Jan Wever (Dec 09)
CVE-2013-3143: MSIE 9 IEFRAME CMarkup..RemovePointerPos use-after-free Berend-Jan Wever (Dec 15)
CVE-2014-1785: MSIE 11 MSHTML CSpliceTreeEngine::RemoveSplice use-after-free Berend-Jan Wever (Dec 20)
Re: CVE-2016-3222: MS Edge CBaseScriptable::PrivateQueryInterface memory corruption Berend-Jan Wever (Dec 06)
CVE-2013-1306: MSIE 9 MSHTML CDispNode::InsertSiblingNode use-after-free details Berend-Jan Wever (Dec 09)
CVE-2013-1309: Berend-Jan Wever (Dec 09)
Black Arch
BlackArch Linux OVA Image released! Black Arch (Dec 27)
New BlackArch Linux ISOs (2016.12.20) released! Black Arch (Dec 20)
Celso Bento
Hotlinking Vulnerability in Glype (All Versions) Celso Bento (Dec 19)
[CXSEC]
Apple iOS/tvOS/watchOS Remote memory corruption through certificate file [CXSEC] (Dec 12)
Dawid Golunski
PHPMailer < 5.2.20 Remote Code Execution PoC 0day Exploit (CVE-2016-10045) (Bypass of the CVE-2016-1033 patch) Dawid Golunski (Dec 27)
PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Dawid Golunski (Dec 27)
Nagios Core < 4.2.2 Curl Command Injection leading to Remote Code Execution [CVE-2016-9565] Dawid Golunski (Dec 15)
SwiftMailer <= 5.4.5-DEV Remote Code Execution (CVE-2016-10074) Dawid Golunski (Dec 29)
PHPMailer < 5.2.18 Remote Code Execution [updated advisory] [CVE-2016-10033] Dawid Golunski (Dec 27)
Nagios Core < 4.2.4 Root Privilege Escalation [CVE-2016-9566] Dawid Golunski (Dec 15)
dxw Security
CSRF/stored XSS in Quiz And Survey Master (Formerly Quiz Master Next) allows unauthenticated attackers to do almost anything an admin can (WordPress plugin) dxw Security (Dec 16)
copy-me vulnerable to CSRF allowing unauthenticated attacker to copy posts (WordPress plugin) dxw Security (Dec 21)
Reflected XSS in Social Pug – Easy Social Share Buttons could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Dec 10)
CSRF vulnerability in Multisite Post Duplicator could allow an attacker to do almost anything an admin user can do (WordPress plugin) dxw Security (Dec 10)
Reflected XSS in MailChimp for WordPress could allow an attacker to do almost anything an admin user can (WordPress plugin) dxw Security (Dec 14)
Arbitrary file deletion vulnerability in Image Slider allows authenticated users to delete files (WordPress plugin) dxw Security (Dec 27)
Eissing Stefan
CVE-2016-8740, Server memory can be exhausted and service denied when HTTP/2 is used Eissing Stefan (Dec 05)
Elar Lang
SQL injection in Joomla extension DT Register Elar Lang (Dec 13)
Re: SQL injection in Joomla extension DT Register Elar Lang (Dec 18)
Erik Auerswald
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Erik Auerswald (Dec 29)
ERPScan inc
[ERPSCAN-16-035] SAP Solman - user accounts disclosure ERPScan inc (Dec 20)
ESNC Security
[ESNC-2041217] Critical Security Vulnerability in PwC ACE Software for SAP Security ESNC Security (Dec 09)
FOXMOLE Advisories
[FOXMOLE SA 2016-05-02] e107 Content Management System (CMS) - Multiple Issues FOXMOLE Advisories (Dec 01)
Francesco Oddo
Splunk Enterprise Server-Side Request Forgery Francesco Oddo (Dec 09)
gremlin
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto gremlin (Dec 27)
hyp3rlinx
Microsoft Authorization Manager "azman" XML External Entity hyp3rlinx (Dec 05)
Adobe Animate <= v15.2.1.95 Memory Corruption Vulnerability hyp3rlinx (Dec 14)
Microsoft PowerShell XML External Entity hyp3rlinx (Dec 06)
Microsoft MSINFO32.EXE ".NFO" Files XML External Entity hyp3rlinx (Dec 05)
Microsoft Excel Starter 2010 XML External Entity hyp3rlinx (Dec 05)
Microsoft Event Viewer v1.0 XML External Entity hyp3rlinx (Dec 05)
Microsoft Windows Media Center "ehshell.exe" XML External Entity hyp3rlinx (Dec 05)
Joshua
Gstreamer ID3v2 v1.0 - Out of Bounds Read Joshua (Dec 09)
Julien Ahrens
Re: XenForo 1.5.x Unauthenticated Remote Code Injection Julien Ahrens (Dec 16)
Kacper Szurek
WinPower V4.9.0.4 Privilege Escalation Kacper Szurek (Dec 01)
Luigi Rosa
Re: PHPMailer < 5.2.18 Remote Code Execution [CVE-2016-10033] Luigi Rosa (Dec 27)
Martin Bednorz
Roundcube 1.2.2: Command Execution via Email Martin Bednorz (Dec 09)
MustLive
DAVOSET v.1.2.9 MustLive (Dec 06)
New CSRF vulnerabilities in D-Link DAP-1360 MustLive (Dec 01)
Nightwatch Cybersecurity Research
Insecure Transmission of Qualcomm Assisted-GPS Data [CVE-2016-5341] Nightwatch Cybersecurity Research (Dec 05)
Oscar Martinez
Broken access control on bluemix containers Oscar Martinez (Dec 09)
Pedro Ribeiro
[0-day] RCE and admin credential disclosure in NETGEAR WNR2000 Pedro Ribeiro (Dec 21)
Pierre-David Oriol - Northsec Conference
Announcing NorthSec 2017 CFP + Reg - Montreal, May 16-21 Pierre-David Oriol - Northsec Conference (Dec 01)
RedTeam Pentesting GmbH
[RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto RedTeam Pentesting GmbH (Dec 23)
Rio Sherri
Dual DHCP DNS Server 7.29 Buffer Overflow (Dos) Rio Sherri (Dec 09)
Eagle Speed USB MODEM SOFTWARE Privilege Escalation Rio Sherri (Dec 01)
SEC Consult Vulnerability Lab
SEC Consult SA-20161206-0 :: Backdoor vulnerability in Sony IPELA ENGINE IP Cameras SEC Consult Vulnerability Lab (Dec 06)
Stefan Kanthak
Executable installers are vulnerable^WEVIL (case 42): SoftMaker's FreeOffice installer allows escalation of privilege Stefan Kanthak (Dec 29)
Summer of Pwnage
Google Analytics Counter Tracker WordPress Plugin unauthenticed PHP Object injection vulnerability Summer of Pwnage (Dec 11)
Tim
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim (Dec 27)
Re: [RT-SA-2016-001] Padding Oracle in Apache mod_session_crypto Tim (Dec 30)
Vishal Mishra
XenForo 1.5.x Unauthenticated Remote Code Injection Vishal Mishra (Dec 15)
VMware Security Response Center
NEW VMSA-2016-0023 VMware ESXi updates address a cross-site scripting issue VMware Security Response Center (Dec 20)
Vulnerability Lab
Apple iOS v10.1 & 10.1.1 - iCloud & Device Lock Bypass on Activate via local Buffer Overflow Vulnerability (Wifi Network) Vulnerability Lab (Dec 01)
Winni Neessen
XSS in tooltip plugin of Zurb Foundation 5 Winni Neessen (Dec 01)